Fenbushi Capital managing partner Bo Shen has lost $42 million worth of personal crypto through a wallet hack allegedly caused by a compromised seed phrase.
Bo Shen said that no funds from Fenbushi, a blockchain-focused venture capital firm in Asia, were compromised in the attack that lost him $38 million USDC.
Bo Shen added that local law enforcement, the Federal Bureau of Investigation, and attorneys were working on the case.
Bo Shen attack reminds crypto users about security lapses
The attack on the wallet belonging to Bo Shen comes as confidence in the crypto industry is on shaky ground after the implosion of the Bahamian exchange FTX. Several traditional banks that did business with crypto firms have been left holding the bag as crypto deposits dwindle and loans borrowed by crypto companies are not serviced.
Hollywood star Bill Murray lost 119.2 ETH after an NFT charity auction in Sep. 2022. The auction was held in partnership with Coinbase. Hackers transferred the stolen funds to wallets on two centralized exchanges using fake identification. The hacker likely got access to Murray’s wallet through a compromised seed phrase that exposed his private key. Fortunately for Murray, a Coinbase user donated $187,500 worth of ETH to replace the stolen funds.
Additionally, FTX lost $400 million in a recent hack, with the hacker sideloading malware onto the FTX app. They converted stolen ETH to renBTC for bridging onto the Bitcoin network. Investigators predicted they would pass the BTC through a bitcoin mixer to obscure the money trail.
While phishing attacks on customers like centralized exchanges are common using social engineering techniques, a somewhat less popular phishing method targets more tech-savvy crypto users that hold crypto in self-custodial wallets.
A wallet holder can receive an email with the promise of a crypto giveaway. As in a classic phishing scenario, scammers prompt a user to click on a link to a bogus website. After that, the user sees various popular wallets, including MetaMask, Blockchain.com, Coinbase, Binance, and Exodus. The scammers then prompt the use to click on the brand of their wallet and enter their seed phrase. If the seed phrase entered is correct, the user will likely lose most of their crypto.
Bo Shen wallet possibly hacked by acquiring seed phrases
Attacks like the one on Bo Shen are a timely reminder of the importance of keeping one’s seed phrase safe. While holding crypto in a self-custodial wallet, i.e., a wallet not controlled by a third party like Coinbase, the user is responsible to minimize loss. A wallet is essentially a software storage container for public and private crypto keys.
A private key is a long string of numbers that can be tedious to use. Accordingly, a wallet vendor will often provide a more user-friendly 12-24 word seed phrase or mnemonic that represents the key. Using cryptographic techniques, the user’s public and private keys can be derived from the mnemonic.
Since hackers can derive a user’s private key from the mnemonic, it is crucial to write the mnemonic down. After that, store it in a safe place, such as a locked drawer or a safe. It is advisable to secure multiple copies of the mnemonic, perhaps in a safety deposit box at a bank, a locked drawer, and a safe.
It is advisable never to store the mnemonic digitally since it holds the information needed to recreate your private key. If a criminal gains access to the mnemonic, they can drain your crypto wallet.
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.